I have a use case that sometimes requires my app to use the Resource Owner Password OAuth flow. I’ve setup all of the necessary pieces in my OktaDev account and can successfully retrieve a token response using Postman. When I try and make the same API call from my application I receive this error message in the Okta response “Browser requests to the token endpoint must use Proof Key for Code Exchange”.
Can you pls check if this article helps?
Thanks. It helps insomuch as it tells me that I cannot make this specific /token call from the browser application and that I will have to create an end-point in my back-end server to proxy the request to Okta. Bummer, it means that it will require more work to accomplish what I need to do.
I haven’t looked through the Okta source code yet but curious if you know how the Okta Angular service accomplishes getting the access token without calling /token?
Never-mind, I realize the other flows have different sequences of information exchange with the client.
Ok. Sounds great. Yup, you can try other flows.